kustomize entry example and basic syntax instructions

本文对kustomize进行学习,参见文档GitHub, Document.

kustomizelets you customize raw, template-free YAML files for multiple purposes, leaving the original YAML untouched and usable as is.

在v1.14之后,the kustomize build systembe joined tokubectl中.安装kustomize请参见Install.

一般使用base+overlays的方式来管理yaml文件,base中包含resource yamlfile and your ownkustomization.yaml文件,overlays中包含base的变种,用来对base中的yaml文件进行修改,Adapt to different environments.

The usual file structure is as follows：

~/someApp
├── base
│   ├── deployment.yaml
│   ├── kustomization.yaml
│   └── service.yaml
└── overlays
    ├── development
    │   ├── cpu_count.yaml
    │   ├── kustomization.yaml
    │   └── replica_count.yaml
    └── production
        ├── cpu_count.yaml
        ├── kustomization.yaml
        └── replica_count.yaml

Use the following command to generateYAML文件,也可以直接apply生成的YAML文件.

kustomize build ~/someApp/overlays/production
kustomize build ~/someApp/overlays/production | kubectl apply -f -

The specific use is explained belowKustomization.yaml来定制化k8s yaml文件.

Kustomization.yaml中通常包含3种类型的标注：

• Generator 用来为Kustomize提供Resource Config,像：bases, resources, configMapGenerator, secretGenerator;
• Transformers 用来修改Resource Config, 包括：images, namespace, namePrefix, nameSuffix, vars, commonAnnotations, commonLabels, patchesJson6902, patchesStrategicMerge;
• Meta 用来配置Generator和Transformers的行为,包括：configurations, generatorOptions.

-bases:

basesUsed to provide a series of includeskustomization.yamlfile directory or git repo.

示例：

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- path/to/dir/with/kust/
- https://github.com/org/repo/dir/

-resources：

Used to specify a series of needs to be configuredResource Config file,More than one can be defined in each fileresource config并使用"\n---\n"来分隔.

示例：

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# list of files containing Resource Config to add
resources:
- path/to/resource.yaml
- another/path/to/resource.yaml

-configMapGenerator：

Contains a series of needs to be generatedConfigMaps.默认情况下,会将configmap的hash作为name的后缀,放在nameSuffix之后.

ConfigMap datachanges will create new onesname的ConfigMap,And rolling updates are being usedConfigMap.PodTemplates中使用ConfigMap需要使用configMapGenerator的name,这样configmap nameIt will be updated automatically after the updaterefer的configmap name.

通过指定generatorOptions.disableNameSuffixHash=true并将该kustomization.yaml作为base,will make generatedconfigmap中不包含hash后缀.But this way there will be no rolling upgrades to update in real timeconfigmap.

包含如下的参数：

• behavior：定义在basespecified in the middlemerge行为,包括：create, replace, merge.
• env：指定生成configmap的文件,文件内容以key=value指定;
• files: 指定用来生成configmap的多个文件,文件名作为configmap key,文件内容作为value;
• literals：使用key=valueRight to generateconfigmap;
• name：configmap的名称,会被nameprefix和namesuffix修改;
• namespace：指定configmap的namespace,会被kustomize的namespace修改.

示例：

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
configMapGenerator:
# generate a ConfigMap named my-java-server-props-<some-hash> where each file
# in the list appears as a data entry (keyed by base filename).
- name: my-java-server-props
  files:
  - application.properties
  - more.properties
# generate a ConfigMap named my-java-server-env-vars-<some-hash> where each literal
# in the list appears as a data entry (keyed by literal key).
- name: my-java-server-env-vars
  literals:    
  - JAVA_HOME=/opt/java/jdk
  - JAVA_TOOL_OPTIONS=-agentlib:hprof
# generate a ConfigMap named my-system-env-<some-hash> where each key/value pair in the
# env.txt appears as a data entry (separated by \n).
- name: my-system-env
  env: env.txt

-secretGenerator

用来生成Secrets.跟configMapGenerator类似,secretGenerator的nameThere will be laterhash值并在hashCreate a new one when the value changessecret进行滚动升级,同样,可以取消.

具有configMapGeneratorAll parameters in and have the same meaning.同时,存在参数type来指定Secret的类型,若为"http://kubernetes.io/tls",需要包含2个key:"tls.key" and "tls.crt".

示例：

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
secretGenerator:
  # generate a tls Secret
- name: app-tls
  files:
    - secret/tls.cert
    - secret/tls.key
  type: "kubernetes.io/tls"
- name: env_file_secret
  # env is a path to a file to read lines of key=val
  # you can only specify one env file per secret.
  env: env.txt
  type: Opaque

-commonAnnotations

used for allresourcesAdd or update assignmentsannotation.

示例：

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
commonAnnotations:
  annotationKey1: "annotationValue2"
  annotationKey2: "annotationValue2"

-commonLabels

类似于commonAnnotations,used for allresourceAdd or update assignmentslabel.但不同的是,label也会添加到PodTemplates中的label selector和label字段.

示例：

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
commonLabels:
  labelKey1: "labelValue1"
  labelKey2: "labelValue2"

-images

Used to update all matchesimage name的[spec.template.]spec.containers.image字段中的image name和image tag.

若image名称为name:tag,digest用来替代tag来refer image的另一种方法.Has the following parameters：

• name for getting matchesimage name的所有image;
• newName to replace all matchesimage的name;
• newTag to replace all matchesimage的tag;
• digest to replace all matchesimage的tag;

示例：

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
  - name: postgres
    newName: my-registry/my-postgres
    newTag: v1
  - name: nginx
    newTag: 1.8.0
  - name: my-demo-app
    newName: my-app
  - name: alpine
    digest: sha256:24a0c4b4a4c0eb97a1aabb8e29f18e917d05abfe1b7a7c07857230879ce7d3d3

-patchesJson6902

用来根据path指定的json或yaml文件来生成target指定的k8s resource.Target中可以包含group, kind, name, namespace, version等信息,Path中指定patch file的路径.

示例：

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
patchesJson6902:
- target:
    version: v1
    kind: Deployment
    name: my-deployment
  path: add_init_container.yaml
- target:
    version: v1
    kind: Service
    name: my-service
  path: add_service_annotation.yaml

其中,path字段指定的JSON patch文件,格式参见JSON patch.示例如下：

 - op: add
   path: /some/new/path
   value: value
 - op: replace
   path: /some/existing/path
   value: new value

-patchesStrategicMerge

为匹配的resource config实施patches.It is recommended to use a small one that only modifies a single resourcepatch.

示例：

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
patchesStrategicMerge:
- service_port_8888.yaml
- deployment_increase_replicas.yaml
- deployment_increase_memory.yaml

-namespace

used to specify allresource的namespace,会覆盖resourcealready specified in namespace.

示例：

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: "my-app-namespace"

-namePrefix/nameSuffix

used for allresource nameSpecify a prefix or suffix.

示例：

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namePrefix: "my-app-name-prefix-"
nameSuffix: "-my-app-name-suffix"

-vars

用来定义Pod containerparameters or environment variables in ,使用$(MY_VAR_NAME)来使用变量.

包含如下参数：

• name 变量的名称,以${name}方式使用
• objref Reference to the object containing the field to be referenced.
• fieldref Reference to the field in the object, 默认为metadata.name

示例：

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
vars:
  - name: SOME_SECRET_NAME
    objref:
      kind: Secret
      name: my-secret
      apiVersion: v1
  - name: MY_SERVICE_NAME
    objref:
      kind: Service
      name: my-service
      apiVersion: v1
    fieldref:
      fieldpath: metadata.name
  - name: ANOTHER_DEPLOYMENTS_POD_RESTART_POLICY
    objref:
      kind: Deployment
      name: my-deployment
      apiVersion: apps/v1
    fieldref:
      fieldpath: spec.template.spec.restartPolicy

使用示例：

containers:
- image: myimage
  command: ["start", "--host", "$(MY_SERVICE_NAME)"]
  env:
   - name: SECRET_TOKEN
     value: $(SOME_SECRET_NAME)

Meta options用来控制KustomizeHow to generate to updateresource config.包含configurations和generatorOptions.

-configurations

用来配置built-in Kustomize Transformers指定CRD过程中的行为.

-generatorOptions

用来定制化configmap/secret generator的行为.

示例：

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generatorOptions:
  # labels to add to all generated resources
  labels:
    kustomize.generated.resources: somevalue
  # annotations to add to all generated resources
  annotations:
    kustomize.generated.resource: somevalue
  # disableNameSuffixHash is true disables the default behavior of adding a
  # suffix to the names of generated resources that is a hash of
  # the resource contents.
  disableNameSuffixHash: true

样例Kustomization.yaml参见Kustomization.yaml.

参考链接：

kustomize - 知乎本文对kustomize进行学习,参见文档 GitHub, Document. kustomizelets you customize raw, template-free YAML files for multiple purposes, leaving the original YAML untouched and usable as is.在 v1.14之…https://zhuanlan.zhihu.com/p/92487688